"My other question is: what's the security implications of cpu?  You
get to do processes on the remote box, but then they also get to have
filesystem access on yours. "

If you don't entirely trust the cpu server, you *should* export a name space from your terminal,
limit the processes on the cpu server to just that name space, be careful what's in that space, including how
you've set permissions, and which user is doing the export. That way, your terminal (which is under
your control, allowing for SMI, BIOS, UEFI, bugs ...) acts as the reference monitor to your files. It's also easy to make a 9P filter that ensures
read-only access on an arbitrary 9P connection, so that even if permissions are wrong, permanent
damage is prevented. It's just a few dozen lines, much of that boilerplate. I say "terminal" above,
but it applies to any device or your own servers that connect to the untrusted server.

Ordinarily, the cpu server has access to files and devices at /mnt/term, but you control that access at the terminal.
On the cpu server itself, however, for the cpu server to access your files directly from the file server, when you
first mount /srv/boot to form the root of a name space on the cpu server, you normally give the server implicit permission to speak for you to the file server
in all subsequent transactions from that mount point, because it is multiplexing the requests of many users
on that same connection, and you trust that it won't (say) deviously or carelessly allow another
user's process to access a fid that you've Tauth'd and Tattach'd, giving full access as you to all your files,
perhaps long after you've disconnected.
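
The read-only 9P filter mentioned above could look like the following added example, which is not the poster's code and is written in Python rather than Plan 9 C. It assumes 9P2000 framing with one complete message per call; the class and function names are hypothetical.

```python
import struct

# 9P2000 message types and open-mode bits, as given in the protocol manual.
RERROR, TOPEN, TCREATE, TWRITE, TCLUNK, TREMOVE, TWSTAT = 107, 112, 114, 118, 120, 122, 126
OWRITE, ORDWR, OTRUNC, ORCLOSE = 1, 2, 0x10, 0x40

def rerror(tag, ename=b"read-only connection"):
    """Build Rerror: size[4] type[1] tag[2] ename[s], little-endian."""
    body = struct.pack("<BHH", RERROR, tag, len(ename)) + ename
    return struct.pack("<I", 4 + len(body)) + body

class ReadOnlyFilter:
    """Hypothetical filter placed between an untrusted 9P client and the exporter."""

    def __init__(self):
        self.denied = set()  # tags whose server reply must be turned into Rerror

    def tmsg(self, msg):
        """Take one framed T-message; return (bytes_for_server, bytes_for_client)."""
        if len(msg) < 7 or struct.unpack_from("<I", msg)[0] != len(msg):
            raise ValueError("malformed 9P frame")
        mtype, tag = struct.unpack_from("<BH", msg, 4)
        if mtype in (TCREATE, TWRITE, TWSTAT):
            return None, rerror(tag)
        if mtype in (TOPEN, TREMOVE) and len(msg) < (12 if mtype == TOPEN else 11):
            raise ValueError("short message")
        if mtype == TOPEN:
            mode = msg[11]  # size[4] type[1] tag[2] fid[4] mode[1]
            if (mode & 3) in (OWRITE, ORDWR) or mode & (OTRUNC | ORCLOSE):
                return None, rerror(tag)
        if mtype == TREMOVE:
            # Tremove clunks the fid even when the remove fails, so release the
            # fid upstream with Tclunk and answer the client with Rerror later.
            fid = struct.unpack_from("<I", msg, 7)[0]
            self.denied.add(tag)
            return struct.pack("<IBHI", 11, TCLUNK, tag, fid), None
        return msg, None

    def rmsg(self, msg):
        """Take one framed R-message from the server; return bytes for the client."""
        tag = struct.unpack_from("<H", msg, 5)[0]
        if tag in self.denied:
            self.denied.discard(tag)
            return rerror(tag)
        return msg
```

Because the decision is made on message type and open mode alone, the filter holds regardless of how permissions are set on the exported files.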